CVE-2008-6313

Name of the Vulnerable Software and Affected Versions: phpAddEdit version 1.3

Description: The issue allows remote attackers to include and execute arbitrary local files via a URL in the editform parameter when magic quotes gpc is disabled. This could also lead to PHP remote file inclusion attacks.

Recommendations: For phpAddEdit version 1.3, consider disabling the addedit-render.php script or restricting access to it until a patch is available. As a temporary workaround, enable magic quotes gpc to prevent exploitation. Avoid using the editform parameter in the affected script until the issue is resolved.